commit fbc8880923a860c7e088ecb7a370a1e8d790336c
parent dcbcba323c7eb1d8d62697f437d1b019812cf876
Author: Christian Grothoff <christian@grothoff.org>
Date: Tue, 6 Dec 2005 21:29:12 +0000
sec
Diffstat:
5 files changed, 41 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,8 @@
+Tue Dec 6 13:25:56 PST 2005
+ Fixed security problems in PDF extractor
+ (http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities)
+ Releasing libextractor 0.5.8.
+
Sun Dec 4 23:36:00 PST 2005
Fixed AVI mime-type to be video/x-msvideo.
diff --git a/configure.ac b/configure.ac
@@ -1,8 +1,8 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.57)
-AC_INIT([libextractor], [0.5.7], [bug-libextractor@gnu.org])
+AC_INIT([libextractor], [0.5.8], [bug-libextractor@gnu.org])
AC_REVISION($Revision: 1.67 $)
-AM_INIT_AUTOMAKE([libextractor], [0.5.7])
+AM_INIT_AUTOMAKE([libextractor], [0.5.8])
AM_CONFIG_HEADER(src/include/config.h)
AH_TOP([#define _GNU_SOURCE 1])
diff --git a/contrib/doxygen b/contrib/doxygen
@@ -23,7 +23,7 @@ PROJECT_NAME = libextractor
# This could be handy for archiving the generated documentation or
# if some version control system is used.
-PROJECT_NUMBER = 0.5.6
+PROJECT_NUMBER = 0.5.8
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
# base path where the generated documentation will be put.
diff --git a/src/plugins/pdf/Stream.cc b/src/plugins/pdf/Stream.cc
@@ -410,18 +410,32 @@ void ImageStream::skipLine() {
StreamPredictor::StreamPredictor(Stream *strA, int predictorA,
int widthA, int nCompsA, int nBitsA) {
+ int totalBits;
+
str = strA;
predictor = predictorA;
width = widthA;
nComps = nCompsA;
nBits = nBitsA;
+ predLine = NULL;
+ ok = gFalse;
nVals = width * nComps;
+ totalBits = nVals * nBits;
+ if (totalBits == 0 ||
+ (totalBits / nBits) / nComps != width ||
+ totalBits + 7 < 0) {
+ return;
+ }
pixBytes = (nComps * nBits + 7) >> 3;
- rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+ rowBytes = ((totalBits + 7) >> 3) + pixBytes;
+ if (rowBytes < 0) {
+ return;
+ }
predLine = (Guchar *)gmalloc(rowBytes);
memset(predLine, 0, rowBytes);
predIdx = rowBytes;
+ ok = gTrue;
}
StreamPredictor::~StreamPredictor() {
@@ -1015,6 +1029,10 @@ LZWStream::LZWStream(Stream *strA, int predictor, int columns, int colors,
FilterStream(strA) {
if (predictor != 1) {
pred = new StreamPredictor(this, predictor, columns, colors, bits);
+ if (! pred->isOk()) {
+ delete pred;
+ pred = NULL;
+ }
} else {
pred = NULL;
}
@@ -2900,6 +2918,13 @@ GBool DCTStream::readBaselineSOF() {
height = read16();
width = read16();
numComps = str->getChar();
+ if (numComps <= 0 || numComps > 4) {
+ return gFalse;
+ }
+ if (numComps <= 0 || numComps > 4) {
+ return gFalse;
+ }
+
if (prec != 8) {
error(getPos(), "Bad DCT precision %d", prec);
return gFalse;
@@ -3258,6 +3283,10 @@ FlateStream::FlateStream(Stream *strA, int predictor, int columns,
FilterStream(strA) {
if (predictor != 1) {
pred = new StreamPredictor(this, predictor, columns, colors, bits);
+ if (! pred->isOk()) {
+ delete pred;
+ pred = NULL;
+ }
} else {
pred = NULL;
}
diff --git a/src/plugins/pdf/Stream.h b/src/plugins/pdf/Stream.h
@@ -231,6 +231,8 @@ public:
StreamPredictor(Stream *strA, int predictorA,
int widthA, int nCompsA, int nBitsA);
+ GBool isOk() { return ok; }
+
~StreamPredictor();
int lookChar();
@@ -250,6 +252,7 @@ private:
int rowBytes; // bytes per line
Guchar *predLine; // line buffer
int predIdx; // current index in predLine
+ GBool ok;
};
//------------------------------------------------------------------------
